Spring Boot 整合shiro模擬前後端分離
完整項目地址:https://github.com/Kahen/springboot-shiro2
加入全局異常監控
package com.example.aspect;
import org.apache.shiro.authz.UnauthorizedException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import java.util.HashMap;
import java.util.Map;
/**
* @author Kahen
* @create 2020-02-01 11:13
*/
@RestControllerAdvice //以json串的形式返回出去
public class AppExceptionAdivse {
@ExceptionHandler(value= {UnauthorizedException.class})
public Map<String, Object> unauthorized() {
Map<String, Object> map=new HashMap<>();
map.put("code", 302);
map.put("msg", "未授權");
System.out.println("未授權");
return map;
}
}
創建LoginController
package com.example.controller;
import com.example.common.ActiverUser;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpSession;
import java.util.HashMap;
import java.util.Map;
/**
* @author kahen
*/
@RestController
@RequestMapping("login")
public class LoginController {
/**
* 登陸
*/
@RequestMapping("login")
public Map<String,Object> login(String username, String password, HttpSession session) {
Map<String,Object> map=new HashMap<>();
//封裝token
UsernamePasswordToken token=new UsernamePasswordToken(username, password);
//得到主體
Subject subject = SecurityUtils.getSubject();
try {
subject.login(token);
ActiverUser activerUser = (ActiverUser) subject.getPrincipal();
session.setAttribute("user", activerUser.getUser());
map.put("code", 200);
map.put("msg", "登陸成功");
return map;
} catch (AuthenticationException e) {
e.printStackTrace();
map.put("code", -1);
map.put("msg", "登陸失敗 用戶名或密碼不正確");
return map;
}
}
}
創建UserController
package com.example.controller;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.HashMap;
import java.util.Map;
/**
* @author kahen
*/
@RestController
@RequestMapping("user")
public class UserController {
@RequiresPermissions(value= {"user:query"})
@RequestMapping("query")
public Map<String,Object> query() {
Map<String,Object> map=new HashMap<>();
map.put("msg", "query");
return map;
}
@RequiresPermissions(value= {"user:add"})
@RequestMapping("add")
public Map<String,Object> add() {
Map<String,Object> map=new HashMap<>();
map.put("msg", "add");
return map;
}
@RequiresPermissions(value= {"user:update"})
@RequestMapping("update")
public Map<String,Object> update() {
Map<String,Object> map=new HashMap<>();
map.put("msg", "update");
return map;
}
@RequiresPermissions(value= {"user:delete"})
@RequestMapping("delete")
public Map<String,Object> delete() {
Map<String,Object> map=new HashMap<>();
map.put("msg", "delete");
return map;
}
@RequiresPermissions(value= {"user:export"})
@RequestMapping("export")
public Map<String,Object> export() {
Map<String,Object> map=new HashMap<>();
map.put("msg", "export");
return map;
}
}
創建ShiroLoginFilter
package com.example.filter;
/**
* @author Kahen
* @create 2020-02-01 11:28
*/
import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.Map;
public class ShiroLoginFilter extends FormAuthenticationFilter {
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
//if (isAjax(request)) {
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json");
Map<String, Object> resultData = new HashMap<>();
resultData.put("code", -1);
resultData.put("msg", "未登錄!");
httpServletResponse.getWriter().write(JSONObject.toJSON(resultData).toString());
/* } else {
// saveRequestAndRedirectToLogin(request, response);
*//**
* @Mark 非ajax請求重定向爲登錄頁面
*//*
httpServletResponse.sendRedirect("/login.jsp");
}*/
return false;
}
private boolean isAjax(ServletRequest request) {
String header = ((HttpServletRequest) request).getHeader("X-Requested-With");
if ("XMLHttpRequest".equalsIgnoreCase(header)) {
return Boolean.TRUE;
}
return Boolean.FALSE;
}
}
修改pom.xml引入fastjson
<fastjson.version>1.2.60</fastjson.version>
<!-- https://mvnrepository.com/artifact/com.alibaba/fastjson -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>${fastjson.version}</version>
</dependency>
創建ShiroProperties
該項目有引入lombok插件
package com.example.config;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
/**
* @author Kahen
* @create 2020-01-19 20:47
*/
@ConfigurationProperties(value = "shiro")
@Data
public class ShiroProperties {
private String hashAlgorithmName = "md5";
private Integer hashIterations = 2;
private String loginUrl;
private String unauthorizedUrl;
private String[] anonUrls;
private String logoutUrl;
private String[] authUrls;
}
創建ShiroAutoConfiguration
package com.example.config;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.example.filter.ShiroLoginFilter;
import com.example.realm.UserRealm;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.DelegatingFilterProxy;
import javax.servlet.Filter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @author Kahen
* @create 2020-01-19 20:45
*/
@Configuration
@EnableConfigurationProperties(ShiroProperties.class)
public class ShiroAutoConfiguration {
@Autowired
private ShiroProperties shiroProperties;
/**
* 創建憑證匹配器
*/
@Bean
public HashedCredentialsMatcher credentialsMatcher() {
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName(shiroProperties.getHashAlgorithmName());
credentialsMatcher.setHashIterations(shiroProperties.getHashIterations());
return credentialsMatcher;
}
/**
* 創建realm
*/
@Bean
public UserRealm userRealm(CredentialsMatcher credentialsMatcher) {
UserRealm userRealm = new UserRealm();
//注入憑證匹配器
userRealm.setCredentialsMatcher(credentialsMatcher);
return userRealm;
}
/**
* 聲明安全管理器
*/
@Bean("securityManager")
public SecurityManager securityManager(UserRealm userRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(userRealm);
return securityManager;
}
/**
* 配置過濾器 Shiro 的Web過濾器 id必須和web.xml裏面的shiroFilter的 targetBeanName的值一樣
*/
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
//注入安全管理器
bean.setSecurityManager(securityManager);
//注入登陸頁面
bean.setLoginUrl(shiroProperties.getLoginUrl());
//注入未授權的頁面地址
bean.setUnauthorizedUrl(shiroProperties.getUnauthorizedUrl());
//注入過濾器
Map<String, String> filterChainDefinition = new HashMap<>();
//注入放行地址
if (shiroProperties.getAnonUrls() != null && shiroProperties.getAnonUrls().length > 0) {
String[] anonUrls = shiroProperties.getAnonUrls();
for (String anonUrl : anonUrls) {
filterChainDefinition.put(anonUrl, "anon");
}
}
//注入登出的地址
if (shiroProperties.getLogoutUrl() != null) {
filterChainDefinition.put(shiroProperties.getLogoutUrl(), "logout");
}
//注攔截的地址
String[] authcUrls = shiroProperties.getAuthUrls();
if (authcUrls != null && authcUrls.length > 0) {
for (String authcUrl : authcUrls) {
filterChainDefinition.put(authcUrl, "authc");
}
}
bean.setFilterChainDefinitionMap(filterChainDefinition);
//創建自定義filter
ShiroLoginFilter filter = new ShiroLoginFilter();
Map<String, Filter> map = new HashMap<>();
map.put("authc", filter);
bean.setFilters(map);
return bean;
}
/**
* 註冊過濾器
*/
@Bean
public FilterRegistrationBean<DelegatingFilterProxy> filterRegistrationBeanDelegatingFilterProxy() {
FilterRegistrationBean<DelegatingFilterProxy> bean = new FilterRegistrationBean<>();
//創建過濾器
DelegatingFilterProxy proxy = new DelegatingFilterProxy();
bean.setFilter(proxy);
bean.addInitParameter("targetFilterLifecycle", "true");
bean.addInitParameter("targetBeanName", "shiroFilter");
// bean.addUrlPatterns();
List<String> servletNames = new ArrayList<>();
servletNames.add(DispatcherServletAutoConfiguration.DEFAULT_DISPATCHER_SERVLET_BEAN_NAME);
bean.setServletNames(servletNames);
return bean;
}
/**
* 這裏是爲了能在html頁面引用shiro標籤,上面兩個函數必須添加,不然會報錯
*/
@Bean(name = "shiroDialect")
public ShiroDialect shiroDialect() {
return new ShiroDialect();
}
/*加入註解的使用,不加入這個註解不生效--開始*/
/**
* @param securityManager
* @return
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
@Bean
public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
/*加入註解的使用,不加入這個註解不生效--結束*/
}
啓動項目測試
項目啓動後,在瀏覽器中輸入
http://localhost:8080/login/login?username=zhangsan&password=123
會得到返回錯誤的json
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-FpwYVGmI-1580534719492)(E:\Legend\MarkDown\images\Snipaste_2020-02-01_12-03-44.png)]](https://pic1.xuehuaimg.com/proxy/csdn/https://img-blog.csdnimg.cn/20200201132607259.png)
訪問查詢用戶
http://localhost:8080/user/query
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-H6g4dTIU-1580534719498)(E:\Legend\MarkDown\images\image-20200201123122104.png)]](https://pic1.xuehuaimg.com/proxy/csdn/https://img-blog.csdnimg.cn/20200201132623325.png)
訪問正確的用戶
http://localhost:8080/login/login?username=zhangsan&password=123456
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-vhzit8Np-1580534719500)(E:\Legend\MarkDown\images\image-20200201123322723.png)]](https://pic1.xuehuaimg.com/proxy/csdn/https://img-blog.csdnimg.cn/20200201132639592.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzI1OTgxMzc3,size_16,color_FFFFFF,t_70)
重新訪問http://localhost:8080/user/query
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-c7GQtBtB-1580534719503)(E:\Legend\MarkDown\images\image-20200201123901961.png)]](https://pic1.xuehuaimg.com/proxy/csdn/https://img-blog.csdnimg.cn/20200201132701633.png)
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-IKo82I6p-1580534719505)(E:\Legend\MarkDown\images\image-20200201124018987.png)]](https://pic1.xuehuaimg.com/proxy/csdn/https://img-blog.csdnimg.cn/2020020113271760.png)
